CVE-2024-9824
📋 TL;DR
The ImagePress – Image Gallery WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to delete arbitrary posts and modify post titles. This affects all WordPress sites using plugin versions up to 1.2.2. The vulnerability stems from missing capability checks in two specific functions.
💻 Affected Systems
- ImagePress – Image Gallery WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious authenticated users could delete critical content, deface the website by changing post titles, and cause permanent data loss and service disruption.
Likely Case
Low-privilege users or compromised accounts could delete or modify posts they shouldn't have access to, potentially causing content management issues and minor website defacement.
If Mitigated
With proper user access controls and monitoring, impact would be limited to unauthorized post modifications that could be detected and rolled back.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple - just calling the vulnerable functions with appropriate parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.3
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3167164/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'ImagePress – Image Gallery'. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 1.2.3+ from WordPress plugin repository.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the ImagePress – Image Gallery plugin until patched
Restrict user roles
allLimit Subscriber and other low-privilege user accounts until patch is applied
🧯 If You Can't Patch
- Implement strict user access controls and monitor for unusual post deletion/modification activity
- Use WordPress security plugins to add additional capability checks and audit logging
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → ImagePress – Image Gallery version. If version is 1.2.2 or lower, you are vulnerable.Check Version:
wp plugin list --name='image-gallery' --field=version (if WP-CLI installed)Verify Fix Applied:
After updating, verify plugin version shows 1.2.3 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual post deletion events from low-privilege users
- Post title modifications from non-admin users
- Multiple failed authorization attempts followed by post modifications
Network Indicators:
- POST requests to WordPress admin-ajax.php or admin-post.php with ip_delete_post or ip_update_post_title actions
SIEM Query:
source="wordpress" AND (action="ip_delete_post" OR action="ip_update_post_title") AND user_role!="administrator"🔗 References
- https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/functions.php#L204
- https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/functions.php#L214
- https://plugins.trac.wordpress.org/changeset/3167164/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce6872-34d4-4675-bce9-e1197d801bce?source=cve
